Will the U.S. government ever step up to the plate and properly defend the nation in cyberspace?

I. Government Has Already Flunked the Cybersecurity Test

That's the pressing question as Democrats and Republicans in the U.S. Senate bicker over a pair of proposals designed to offer some improvements to the nation's overall extremely poor state of cybersecurity.

The U.S. has flunked the "real world" security test. [Image Source: The Evergreen Foundation]

These days even teens can outwit the U.S. government's internet security.
[Image Source: Financial Times (left); Michael Mayer (right)]

Meanwhile the U.S. is still grappling with the fallout of giving a low ranking private in the U.S. Army complete, virtually unrestricted access to the entire body of U.S. diplomatic cables and a great deal of military footage.

The soldier -- a teen at the time -- then passed the information on to Wikileaks, a fame and fortune seeking "leaks" brainchild of ex-Australian college professor Julian Assange who resorted to creative Hollywood editing to make U.S. attacks on armed militants look like the murder of unarmed civilians (see the scandal regarding the unedited "Collateral Murder" video). The loss could well end up costing lives, a prospect that allegedly delights WikiLeaks founder who is quoted by a prestigious British journalist (and supported by several other journalists who were at the meeting) as stating that those who cooperate with U.S. forces in the Middle East are traitors to the their people and "deserve to die" (Assange denies saying this calling the journalists liars).

Military secrets leaked and subsequently doctored by Wikileaks have been a massive PR setback for the U.S. military and its allies -- one which may cost lives.

This was just one high profile example in a long string of horrific data losses for the hapless government agencies [1][2][3].

But all of those embarrassments stand secondary to the far more dangerous threat from America's economic superpower rival, China. At a time when there's strong impetus in the U.S. to downsize the federal government and cut programs, the nation is also grappling with the reality of a Chinese government that has no such concerns and is more than willing to reportedly spend billions on its own cyberoffensive programs.

The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;

To raise and support armies, but no appropriation of money to that use shall be for a longer term than two years;

To provide and maintain a navy;

To make rules for the government and regulation of the land and naval forces;

To provide for calling forth the militia to execute the laws of the union, suppress insurrections and repel invasions;

The U.S. Congress has been ineffectual in legislating funding and creating proposals outlining a sensible digital "common Defense" of the nation -- i.e. a "militia" (say, competent contracted security officials) or a digital age army (such as China has built).

In other words, when it comes to their Constitutional responsibility to protect the U.S. against invasions -- including cyberinvasions -- both parties in Congress have failed. Yet the American people remain largely apathetic of these failures and continue to vote for their party of choice, while doing little to voice public discontent over America's ongoing losses in the global cyberwar.

That conflict threatens to sink the Reid bill, as strong opposition from the Republican majority is overwhelming the minority in the party who support the measure. Senator Saxby Chambliss, Jr. (R-GA), states [press release], "More government is seldom a solution to any problem."

Sens. Chambliss and former 2008 presidential candidate John McCain (R-AZ), along with 6 other high-ranking Senate Republicans have sponsored an alternate bill [press release]. Reutersdescribes the bill as "softer". That bill would not provide any additional funds to U.S. cybersecurity or authorize increased DHS oversight of IT/contractors. Instead, it would step up "information sharing" efforts between the U.S. gov't agencies and contractors regarding threats.

Sen. McCain lauded the bill as implement far less regulation than Sen. Reid's proposal. He states, "We believe that ensuring our nation's cybersecurity is critical. We have a bill that would do plenty to meet current challenges."

It should also be noted that Sen. Reid's bill also includes proposals to increase information sharing. Responding to the criticism, he stated, "I look forward to a debate on the Senate floor that will ensure this bill and other proposals get a fair hearing, and which will allow thorough consideration of amendments to improve the legislation."

While the Republicans are in the minority in the U.S. Senate, they do have strong support on the bill from the telecommunication industry, which is wary of increased regulatory powers to the DHS in the Democratic bill.

Industry officials also enjoy a close relationship with the bill's sponsor, Senator McCain. AT&T, Inc. (T) America's second largest mobile carrier and major ISP has provided free service to Sen. McCain's ranch complex in Ariz. And Telecoms/ISPs have heavily financed Sen. McCain's Senate and Presidential runs raising millions for him, favors he returned with hundreds of millions of dollars in tax cuts and tax holidays.

USTelecom President Walter McCormick offered glowing praise for the McCain measure, stating, "We can support the bill introduced today because it pursues those objectives without creating new bureaucracies or regulatory mandates that would erode, rather than enhance, the ability of network providers to provide nimble and effective responses to cyber threats."

The question is whether "information sharing" would do enough to improve the ineffectual cyberdefenses of the U.S. nation against threats from the Chinese and others to water supply, electric grid, financial networks, and transportation infrastructure.

The U.S. House of Representatives' efforts are still in their earlier stages, but a bill similar to Sen. McCain's Senate proposal authorizing the Pentagon to conduct two-way sharing of information with ISPs and contractors regarding threats. The bill passed a procedural vote by the House's Permanent Select Committee on Intelligence and will be headed to a vote on the House floor sometime later this year.

But the Democratic minority in the Republican-controlled House is expected to be crafting their own counterproposal. Thus partisanship may stall legislative efforts in the House, much as the rancor is currently sinking the Senate bills.

In the last five years similar bills have been proposed and slowly died.

IV. Will Someone Who Cares, Please Step up

Howard Schmidt, the White House cybersecurity policy coordinator, is hopeful that Sen. Reid's measure passes. But amid the partisan rancor he's not counting his digital eggs before they hatch. He instead is pushing government agencies to reinterpret current authorization bills and work to promote self-dense of the private sector, aware that Congress may not be able to reach the compromises necessary to defend the nation.

In that way the White House may try to sneak increased cybersecurity regulation "in the back door" via existing programs. But such efforts stand a strong chance of winding up in court, as contractors may sue the federal government if it adopts what they view as unauthorized regulation.

Ultimately at the end of the day all parties involved -- the majority of U.S. businesses and the U.S. government -- are lukewarm on providing strong cybersecurity. That's not to say their half-hearted efforts have come for free. Both the government and private sector pay a lot for cybersecurity.

But in an era where China is conducting almost open for-profit cyberwar against the U.S. and amid a string of embarrassing security breaches to amateur attention-seekers, the efforts are clearly not enough. The problem is that few seem willing to pay the high cost of providing a strong security solution.

At the end of the day, this means that until something changes, the embarrassments for the U.S. government will likely continue. And, China will enjoy a faster path towards its goal of displacing the U.S. as the number one global financial power.

All of us recognize the importance of cybersecurity in the digital world. Time and again, we have heard from experts about the importance of possessing the ability to effectively prevent and respond to cyber threats. We have listened to accounts of cyber espionage originating in countries like China; organized cyber criminals in Russia; and rogue outfits with a domestic presence like ‘Anonymous,’ who unleash cyber-attacks on those who dare to politically disagree. Our own Government Accountability Office has reported that over the last five years, cyber-attacks against the United States are up 650 percent. The threat is real.

quote: George Bush created the DHS, gave them a 100 billion/y budget, and told them to "crack down". And you're right, look at where that has gotten us.

Yes and that was a massive mistake. I personally would love to see the day where the DHS doesn't exist. But how is that going to happen if we start tasking them with more and more responsibilities? Bush is long gone. We act like we're somehow stuck with the DHS. They could go away entirely tomorrow with one simple signature from the President.

quote: Other times, it's just partisan--my party has bigger dick than your party--slop.

I didn't think I was doing that here. But we're talking Harry Reid here. Come on. Would YOU actually vote for a bill coming from that scumbag?

quote: You baffle me. Sometimes your insight is quite deep, neutral, and full of critical thought.